-
Notifications
You must be signed in to change notification settings - Fork 96
/
rest_handler.go
59 lines (48 loc) · 1.49 KB
/
rest_handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
package cas
import (
"net/http"
"github.com/golang/glog"
)
// restClientHandler handles CAS REST Protocol over HTTP Basic Authentication
type restClientHandler struct {
c *RestClient
h http.Handler
}
// ServeHTTP handles HTTP requests, processes HTTP Basic Authentication over CAS Rest api
// and passes requests up to its child http.Handler.
func (ch *restClientHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if glog.V(2) {
glog.Infof("cas: handling %v request for %v", r.Method, r.URL)
}
username, password, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", "Basic realm=\"CAS Protected Area\"")
w.WriteHeader(401)
return
}
// TODO we should implement a short cache to avoid hitting cas server on every request
// the cache could use the authorization header as key and the authenticationResponse as value
success, err := ch.authenticate(username, password)
if err != nil {
if glog.V(1) {
glog.Infof("cas: rest authentication failed %v", err)
}
w.Header().Set("WWW-Authenticate", "Basic realm=\"CAS Protected Area\"")
w.WriteHeader(401)
return
}
setAuthenticationResponse(r, success)
ch.h.ServeHTTP(w, r)
return
}
func (ch *restClientHandler) authenticate(username string, password string) (*AuthenticationResponse, error) {
tgt, err := ch.c.RequestGrantingTicket(username, password)
if err != nil {
return nil, err
}
st, err := ch.c.RequestServiceTicket(tgt)
if err != nil {
return nil, err
}
return ch.c.ValidateServiceTicket(st)
}